I am not a robot: Why CAPTCHA tests are becoming increasingly difficult
I am not a robot: Why CAPTCHA tests are becoming increasingly difficult
CAPTCHA tests, designed to distinguish between humans and bots, no longer just challenge computers but are also becoming more difficult for people to crack
"Use the arrows to change the number of objects until they match the image on the left," I was challenged on X (formerly Twitter) in a test that included shapes like a fan made of bricks floating on a background of a tree with an illustration of a duck next to them. I looked at the assignment, not sure what I read, even though I thought I had reasonable reading comprehension abilities. X assigned me five such tests, I failed one and had to take five more tests. I successfully passed the second round and confirmed my human identity. A day later I was asked on a government website to identify the scrambled letters in the picture to prove I'm not a robot. Where are there letters here? I didn't understand.
On one site I tried to complete such a task a discouraging number of times and in the end I was blocked. On another site I actually managed quite well to rotate some birds and other non-existent objects until they turned in the direction the hand on screen was pointing to. "Very original", I thought to myself and ultimately only passed at the second attempt. In another case I was asked to identify all of the bikes in the picture. I swore there wasn't even one. Is the test smart? I asked myself and didn't mark anything. I was wrong.
1. With a little help from humans
What is clear is that the CAPTCHA test has become an increasingly difficult task in the last year. Its purpose is, of course, not to make me doubt my humanity or my reading comprehension, but only to create a defense mechanism that prevents bots from entering websites or getting an appointment at a government office. CAPTCHA, or "Completely Automated Public Turing test to tell Computers and Humans Apart" was conceived by a group of researchers from Carnegie Mellon University back in 2000. It is a test that supposedly only a human can pass, whose purpose is to block automated tools from entering websites and disrupting their activity. It is supposed to stop disruptions like bots that use computer speed to buy all of the tickets to see Beyoncé before fans can, or prevent a takeover of all available appointments at the Interior Ministry.
CAPTCHA is sometimes referred to as the "reverse Turing test" because it places the burden of proof on the human, not the machine. Early tests included texts designed in a wavy form and later also moved to tests that include pictures or identification of dogs and cats. The simplest and most famous test of all involves checking a simple box labeled "I am not a robot."
The approach of the Carnegie Mellon University researchers was based on deciphering distorted text that computers are unable to read. In the early years, the test was a great success, and in 2009 Google purchased the company reCAPTCHA that the researchers founded for tens of millions of dollars. Google not only used the tool to deal with the burgeoning bot problem, but also to recruit users from all over the world for a book digitization project. Thus, if the technology giant's computer systems were unable to recognize text, they would enter it into the CAPTCHA verification mechanism and the users would decode the text.
Over the years, more and more tools and methods have been developed to overcome these tests, some more sophisticated than others. Thus, for example, today there are "CAPTCHA farms" or places that employ low-wage workers to solve these tests, such as 2Captcha which offers the public interested in the service a solution of a thousand CAPTCHA tests for one dollar, with the help of human contract workers (who receive 50 cents an hour ). In contrast, there are companies that devote time and resources to developing tools that can solve these tests themselves in order to test the boundary between human and machine, or to attack websites.
Google itself published an article in 2013 in which it presented the use of artificial intelligence to solve "the most difficult category of reCAPTCHA" with a success and accuracy rate of 99.8%. In a more recent study, researchers were able to give OpenAI's advanced language model GPT4 a sufficiently detailed task which the model successfully solved. How did they do it? By employing a human worker through the Taskrabbit platform for small and quick tasks. Even Microsoft's new Bing can solve CAPTCHA.
2. The alternatives are also bad
The CAPTCHA world today is a direct result of tools that are getting better and better at performing tasks that once separated humans and machines. As more tools are created to overcome these tests, companies perfect their tests and make CAPTCHA more and more difficult. Anyone who knows a bit about the tech sector can guess where this dynamic is leading us - a hellish loop in which humans already have difficulty solving the puzzle that is supposed to fail a machine. Thus, these tests have become a horrendous waste of time for human users, a horror for people with disabilities, and, at the same time, a disaster for privacy since many tools tend to keep a record of the tests and track users.
In a study published last summer by researchers from Microsoft and the University of California, it was found that human users take 15-26 seconds to solve an object recognition CAPTCHA within a network of images, with an accuracy of 81% on average. A bot is able to solve a similar test in about 20 seconds with an accuracy of 83%. In distorted text fields, humans needed 9-15 seconds to solve the test with accuracy rates of 50-84%, bots took less than one second to solve the test and with an accuracy rate of 99.8%. According to another estimate by Forter, a company that helps retail companies deal with online fraud, for every dollar CAPTCHA helps block in fraudulent transactions, $30 is lost by CAPTCHA blocking or discouraging genuine customers.
Google found a more creative way than the familiar CAPTCHA, which is also depressing. Instead of developing tools that will make it difficult for human interaction, the reCAPTCHA v3 developed by Google verifies humans by monitoring the online activity, even before you have clicked on the box where you declare that you are "not a robot." The tool compares this pattern to the models it created that constitute organic human interaction. Apple is also working to end the CAPTCHA era for its customers as much as possible, and in many cases has replaced the test with private access tokens. The tool that the company launched about a year ago is designed to identify ahead of time when a browsing request comes from a human user, thus completely eliminating the CAPTCHA test. According to this method, users can issue themselves "authorized" tokens which they display on the various websites.
The solutions are good but not perfect, and CAPTCHA unfortunately remains a thriving business. As long as bots continue to be a problem that only gets worse, it can be assumed that the types of tests we have to pass will continue to be more difficult and waste more time. Meanwhile it's also good business for the tech giants, who continue to use us all as free labor to train more AI models for the big corporations.
